Commentary: Protect cell phone location data from government abuse

Ninety-one percent of Americans carry portable tracking devices. There are more than 285 million of them floating around the United States. They store our every move – to the therapist or liquor store, church or gun range – it's all there.

Of course, we don't call them tracking devices. They're our cell phones, and most of us – especially those of us in Washington – can't do without. But by transmitting information that makes it easy to get directions to the next meeting or locate the closest coffee shop, your cell phone is also recording your location, and that location data says a lot about you – where you go, what you do, and who you know. Even if you don't subscribe to a special service, your phone transmits your location back to your cell phone provider about every seven seconds. Records about when you are at church, school, work, a political rally, or a hospital or clinic are stored for months or even years. That's a treasure trove of information about your private life that's not just interesting to companies, but also to the government, which uses the information to follow many thousands of people a year.

Knowing where people go has obvious utility for law enforcement agents, who have been obtaining access to this information from cell phone companies for many years. No one objects to law enforcement access to this information if proper safeguards are in place. But given the sensitivity of location information, it is very concerning that this tracking happens without any consistent standard and often without adequate judicial oversight. Courts have divided sharply about whether the government needs a warrant based on probable cause to track cell phones. In fact Congress has never set a standard for cell tracking. Instead, law enforcement access is based on a hodgepodge of cobbled together statutes and legal precedents. Many times access to our cell location information is simply granted to agents based on their convincing a judge the information might be useful, without any Fourth Amendment showing of probable cause.

Most of us wouldn't hesitate to oppose the availability of this information to the police if our government were repressive, like that of Iran. Certainly we balk at the idea that the Iranian authorities used surveillance technology supplied by European cell phone companies to track down dissidents amid the mass protests following disputed reelection of President Mahmoud Ahmadinejad in June 2009, leading to a government crackdown on demonstrators that resulted in at least 36 deaths. But even in a democracy like ours, the possibilities for abuse of this enhanced surveillance powers should give us pause. You wouldn't want a police officer trailing you around town and recording your every movement. Unrestricted government access to the running log of location information is no better.

American courts have traditionally ruled that individuals have a "reasonable expectation of privacy" in their persons, homes, and correspondence, and that the Fourth Amendment forbids intrusions into these areas by government officials unless they demonstrate to a judge that they have "probable cause" to suspect criminal activity. For most of our history these protections proved sufficient to protect the lives and views of citizens from undue fear of government scrutiny while still allowing law enforcement to do its job. On the other hand, in the 1970s courts held that no expectation of privacy existed for information already shared with a third party (such as bank records). In those circumstances, government officials can access that information using a lower standard of suspicion, and in many cases, without judicial oversight. It is this line of legal reasoning that has allowed expanded access to location records.

Of course, neither the original drafters of Fourth Amendment protections nor the later court rulings that limited these protections anticipated the digital age, and amazingly, the Electronic Communications Privacy Act – the federal law that is supposed to be safeguarding the privacy of digital information – has not been updated since 1986, when cell phones were as large as your head and no one was thinking about how to regulate them.

Our failure to bring privacy law into the 21st century opens the door for a whole new realm of abuse, and long experience suggests that governments including our own are seldom able to resist making use of power. Abuses by bad government actors stretch well back to 1960's and unfortunately continue today. Recently the Department of Justice Inspector General issued a scathing report chastising the FBI after it was revealed that agents were circumventing the legal process for obtaining personal phone records by claiming emergency exceptions when none existed, and making untraceable requests via Post-it notes and phone calls. Unlike information in your filing cabinet, digital information offers no physical barriers to access – so our only hope is legal ones.

Today the House is holding hearings on cell phone location tracking. We urge the House Judiciary Committee to work to modernize electronic privacy law to ensure that location information is safeguarded from government abuse. The framers of our Constitution foresaw the danger of widespread surveillance and adopted the Fourth Amendment to protect against it. There is no reason we should expect less privacy now than they did then. It's time to bring this simple framework that has served us so well for 200 years into the digital age.

ABOUT THE WRITER

Catherine Crump is a staff attorney with the ACLU Speech, Privacy and Technology Project.